- Dec 23, 2014
- 8,591
The problem of corrupted files is more complex. These files can be part of a larger attack (payloads) but simply require the initial loader or external resources (*.tmp, *.dll, *.dat, etc.).
They cannot be executed alone, so they also cannot be detected dynamically in such tests. They can be detected when the attack is monitored starting from the initial malware and ending with the final payload. After detecting the full attack, the signatures of such payloads can be blacklisted, as for standard malicious files.
Post edited.